It turns out that Angular $cookies was writing the cookie, but we had a domain/path problem. Because our Angular apps live outside our back end app directory, the page URL doesn't match the server path. If I visited the actual path, while the page didn't properly load, the cookie was present.